CLEAR TEXT TRANSMISSION SECURITY METHOD

FIELD OF THE INVENTION 
[0001] The present invention relates to transmission of clear-text 
data, and more particularly, to the transmission of clear text data by customer
useable transaction terminals.

BACKGROUND OF THE INVENTION 
[0002] Transaction terminals are utilized in a variety of 
environments, such as retail establishments, automatic teller machines, gas 
pump payment terminals, and the like. These transaction terminals often 
have personal identification number (PIN) entry devices. These PIN entry 
devices typically include a keypad for entering data into the PIN entry device 
and a display for displaying messages to the customer, including prompting 
for the entry of data. The PIN entry device is often interfaced to a credit card 
reader to permit credit card numbers to be input into the PIN entry device by 
"swiping" them through the reader. Many of the messages displayed on the 
display are sent to the PIN entry device by the remote controller. The PIN 
entry device is typically linked to a remote device, such as a remote controller, 
such as via a network. 

[0003] A concern with PIN entry devices that are linked to remote 
controllers via a network is that a hacker could hack into the network and 
monitor data that is being sent from the PIN entry device to the remote 
controller. To avoid the hacker obtaining sensitive data, such as credit card 
numbers and personal identification numbers, PIN entry devices have utilized
security schemes to protect the data being sent to remote controllers, such as
DES encryption. (Other types of encryption could also be used, such as
double and triple DES, AES, RSI and PKI.) In this regard, in July, 1997, the
Associations of Visa and MasterCard published a document entitled "Joint
Point-Of-Sale PIN-Entry-Device Security Requirements," commonly referred
to as the PED Spec, in which they outlined what they considered to be 
"minimum acceptable security standards" in PIN entry devices. 

[0004] In some transaction terminals, however, it is desirable
that the PIN entry device be able to transmit clear text data to the remote
controller. In the context of this application, the term "clear text data" or
transmission of data in "clear text form" means data that is transmitted in a
standard format, such as ASCII, without securing it using techniques such as
encryption. For example, in some applications of PIN entry devices used on
gas pumps, non-sensitive data, such as odometer readings and license
numbers, is entered by the user via the PIN entry device and sent to the
remote terminal as clear text data. An example of such an application would
be a fueling station for a commonly owned fleet of vehicles where the fleet
owner collects data, such as odometer readings of the vehicles, each time the
vehicles are fueled in order to better manage the fleet of vehicles. This type
of data is typically transmitted as clear text data to avoid the overhead
involved in encrypting it. 

[0005] A problem presented by the transmission of clear text 
data from the PIN entry device to the remote controller is that if a hacker is 
able to hack into the network connecting the PIN entry device to the remote
controller, the hacker could emulate the remote controller sending a data
entry prompt to the PIN entry device so that the PIN entry device displays the
hacker's prompt. The hacker's prompt could be a prompt for the entry of 
sensitive information, such as credit card numbers or PINs. If a user then 
keys this information into the PIN entry device and it is transmitted in clear 
text form, the hacker would then be able to obtain the sensitive information 
with the possibility that this sensitive information would then be used for 
improper purposes, such as fraudulent ATM withdrawals. 

[0006] To avoid sensitive information being transmitted in clear 
text form, the PED Spec requires that data that is entered into the PIN entry
device can be transmitted to the remote controller as "clear text" data only if it 
was input in response to a data entry prompt that is a "secure prompt." In this 
regard, a "secure prompt" as that term is used herein means a prompt that 
prompts for the entry of non-sensitive data, such as odometer readings. 

[0007] In order to comply with the PED Spec requirements
governing the transmission of clear text data, manufacturers of PIN entry
devices have included a table of secure prompts in the memory of the PIN 
entry devices. The PIN entry device then transmits in clear text form data that 
is entered into it only if the data entry prompt received from the remote 
controller matches one of the secure prompts in the table. 

[0008] A problem presented by the above described technique 
of matching the data entry prompt with the prompts in the secure prompt table 
is that remote controllers made by different manufacturers often use 
somewhat different prompts to prompt for the entry of the same information.
For example, prompts for the entry of the user's zip code might take the form
of "ENTER ZIP" or "ENTER ZIPCODE." To accommodate the variations in
these prompts, manufacturers of PIN entry devices have heretofore included
each secure prompt variation in the secure prompt table. This, however,
increases the size of the secure prompt table with a consequent increase in
the amount of memory used to store it. 

[0009] It is an objective of this invention to allow for variations in 
secure prompts without storing each variation in the secure prompt table. 

SUMMARY OF THE INVENTION

[0010] A clear text security method in accordance with this invention 
has a table of secure prompts stored in memory of a transaction terminal, 
such as memory of a PIN entry device, that is connected to a remote device. 
Upon receipt of a display command having a data entry prompt followed by
the receipt of a command for entry of data into the transaction terminal to be
transmitted back to the remote device as clear text data, the data entry
prompt is compared to prompts stored in a table of secured prompts. Data
entered into the transaction terminal is transmitted in clear text form only if the
data entry prompt matches any prompt in the secure prompt table, matches
only a portion of any prompt in the secure prompt table, or any prompt in the
secure prompt table matches only a portion of the data entry prompt. 

[0011] Further areas of applicability of the present invention will 
become apparent from the detailed description provided hereinafter. It should 
be understood that the detailed description and specific examples, while
indicating the preferred embodiment of the invention, are intended for
purposes of illustration only and are not intended to limit the scope of the 
invention. 

BRIEF DESCRIPTION OF THE DRAWINGS

[0012] The present invention will become more fully understood 
from the detailed description and the accompanying drawings, wherein: 

[0013] Fig. 1 is a block diagram of a prior art personal identification 
number entry device; and 
[0014] Fig. 2 is a flow chart of the method of the invention.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS 
[0015] The following description of the preferred embodiment(s) is 
merely exemplary in nature and is in no way intended to limit the invention, its 
application, or uses.

[0016] Referring to Fig. 1, a simplified block diagram of a prior art 
PIN entry device 10 is shown. PIN entry device 10 has a keyboard/display 12 
which has a display 14, such as a 2 x 16 dot matrix vacuum fluorescent 
display, a plurality of screen addressable keys 16, a plurality of soft function 
keys 18, alpha/numeric keys 20, Clear/No key 22 and Enter/Yes key 24. PIN
entry device 10 further includes a computing device 26, such as a
microprocessor coupled to keyboard/display 12 and to memory 28. PIN entry
device 10 is coupled to a remote controller 30, such as by network 32. A
table of secured prompts, comparable to those shown in Table 1 below, is
stored in memory 28 of PIN entry device 10.

[0017] In operation, PIN entry device 10 and remote controller 30 
exchange data messages over network 32. Among them are messages sent 
by remote controller 30 to PIN entry device 10 that include prompts to be
displayed on display 14 of PIN entry device 10 that prompt the user of PIN
entry device 10 to enter information, such as with alpha/numeric keys 20. 

[0018] One type of prompt sent by remote controller 30 to PIN entry 
device 10 is to prompt for input of non-sensitive information that is then 
transmitted to remote controller 30 by PIN entry device 10. Once the
information is entered and the user presses Enter/Yes key 24, the information
that the user entered is transmitted by PIN entry device 10 to remote
controller 30. If the prompt requested the user to enter sensitive information,
such as a credit card number or a PIN number, the information is secured,
such as by encryption, before it is transmitted to remote controller 10. On the
other hand, if the prompt requests input of non-sensitive information, the
information is transmitted to remote controller 30 in clear text form. 

[0019] As discussed above, to protect against sensitive information 
being input in response to a "bogus" prompt resulting in it being transmitted to 
remote controller 30 in clear text form, PIN entry device 10 transmits data
input in response to a prompt as clear text data only when the data entry
prompt for the data that is input matches a prompt in the secured prompt
table. Heretofore, however, that data entry prompt has had to match exactly a
prompt in the secured prompt table. In this regard, the display command sent
to PIN entry device 10 by remote controller 32 can include a number for the
data entry prompt instead of the data entry prompt. The PIN entry device 10
then displays the prompt corresponding to the data entry prompt number and
the determination of whether the data entry prompt is a secure prompt can be
made based on whether the prompt number for the data entry prompt is in the
table of secured prompts.

[0020] Fig. 2 is a flow chart of the method of the present invention 
that can advantageously be implemented in a PIN entry device, such as prior 
art PIN entry device 10. The inventive method will be described in the context 
of implementation in prior art PIN entry device 10. However, describing the 
inventive method in the context of implementation in prior art PIN entry device
10 is not to be construed as indicating in any way that the inventive method is
in the prior art. 

[0021] At block 102, PIN entry device 10 receives a display 
command from remote controller 30 that includes a prompt (or prompt number
of the prompt) to be displayed on keyboard/display 12 of PIN entry device 10.
At block 104, PIN entry device 10 then displays the prompt on
keyboard/display 12. The display command is followed by a key string input
command received at block 106 by PIN entry device 10 from remote controller
30 that directs PIN entry device 10 to wait for a string of key inputs from
keypad/display 12 and upon their input, to transmit them as clear text data to
remote controller 30. Before accepting the key string input command, PIN
entry device 10, at block 108, compares the data entry prompt received in the
display command with the prompts in the table of secured prompts. Table 1 is
an illustrative table of secure prompts.



TABLE 1

Message Number   Line 1             Line 2
Message 1        ENTER VEHICLE
Message 2        ENTER ODOMETER
Message 3        ENTER DRIVER
Message 4        ENTER LIC
Message 5        ENTER JOB
Message 6        ENTER CODE
Message 7        ENTER DATA
Message 8        ENTER USER DATA
Message 9        ENTER DEPT
Message 10       ENTER ZIPCODE
Message 11       PLEASE ENTER 5     DIGIT ZIP
Message 12       ENTER USER ID
Message 13       ENTER CUSTOMER     DATA
Message 14       ENTER EXPIRATION
Message 15       ENTER AUTH
Message 16       ENTER ACCOUNT
Message 17       ENTER AMOUNT
Message 18       ENTER VALUE
Message 19       ENTER CARD
Message 20       ENTER TAG
Message 21       ENTER KEYFOB
Message 22       ENTER PRODUCT
Message 23       ENTER POINTS
Message 24       ENTER FREQUENT
Message 25       ENTER CLUB
Message 26       ENTER CAR WASH
Message 27       ENTER FOOD
Message 28       ENTER SERVICE
Message 29       ENTER MENU
Message 30       ENTER STORE
Message 31       ENTER MESSAGE
Message 32       ENTER LOCATION
Message 33       ENTER EMPLOYEE
Message 34       ENTER REF





[0022] If the data entry prompt matches any prompt in the table of
secure prompts (or the prompt number for the prompt is in the table of secure
prompts), or if the data entry prompt matches only a portion of any prompt in
the table of secure prompts, or if any prompt in the table of secured prompts
matches only a portion of the data entry prompt, PIN entry device 10 determines
that the data entry prompt was a secure prompt and waits on a string of key
inputs from keyboard/display 12 at block 110. For example, if the data entry
prompt was "ENTER ZIP," since this matches the first part of the "ENTER
ZIPCODE" prompt in the secure prompt table, PIN entry device 10 would
determine that the "ENTER ZIP" data entry prompt was a secure prompt.
Similarly, if the data entry prompt was "ENTER DRIVE #" or "ENTER DRIVE
ID," PIN entry device 10 would determine that this data entry prompt was also
a secure prompt in that the "ENTER DRIVER" prompt in the secure prompt
table matches the first part of these data entry prompts. In making the
comparison, spaces and alphabetic cases are preferably ignored.

[0023] If PIN entry device 10 determines that the data entry prompt 
is a secure prompt, then, upon entry of the string of key inputs, PIN entry 
device 10 transmits them as clear text data to remote controller 30 at block
112. If, at block 108, PIN entry device 10 determines that the data entry
prompt is not a secure prompt, it then rejects at block 114 the key string input
command by sending an end-of-transmission (EOT) message to remote
controller 30 and displaying on keypad/display 12 an error message, such as
"DATA ENCRYPTION ERROR."
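
The comparison made at block 108, written out in C as an added example; it is not code from the patent. The function names, the PROMPT_MAX bound, reading "portion" as a contiguous substring, and the rejection of empty or over-long prompts are assumptions of this example, and the table holds only four entries taken from Table 1.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

#define PROMPT_MAX 40 /* assumed upper bound on normalized prompt length */

/* Four single-line entries from Table 1 (subset, for illustration). */
static const char *const SECURE_PROMPTS[] = {
    "ENTER VEHICLE", "ENTER ODOMETER", "ENTER DRIVER", "ENTER ZIPCODE",
};
#define N_PROMPTS (sizeof SECURE_PROMPTS / sizeof SECURE_PROMPTS[0])

/* Copy src to dst with spaces dropped and letters upper-cased, so that
   spaces and alphabetic case are ignored in the comparison.
   Returns the normalized length, or 0 if the result is empty or too long. */
static size_t normalize(const char *src, char *dst, size_t cap)
{
    size_t n = 0;
    for (; *src; src++) {
        if (isspace((unsigned char)*src))
            continue;
        if (n + 1 >= cap)
            return 0;
        dst[n++] = (char)toupper((unsigned char)*src);
    }
    dst[n] = '\0';
    return n;
}

/* Returns 1 when the data entry prompt counts as a secure prompt
   (proceed to block 110), 0 when the key string input command must be
   rejected (block 114: EOT plus error message). */
int is_secure_prompt(const char *prompt)
{
    char p[PROMPT_MAX + 1], t[PROMPT_MAX + 1];

    /* Assumption of this example: an empty prompt is rejected, because an
       empty string is trivially a "portion" of every table entry. */
    if (normalize(prompt, p, sizeof p) == 0)
        return 0;

    for (size_t i = 0; i < N_PROMPTS; i++) {
        if (normalize(SECURE_PROMPTS[i], t, sizeof t) == 0)
            continue;
        /* Exact match, prompt is a portion of the entry, or the entry
           is a portion of the prompt. */
        if (strstr(t, p) != NULL || strstr(p, t) != NULL)
            return 1;
    }
    return 0;
}
```

The inputs "enter driver id" and "ENTER PIN" used to exercise this function are constructed for the example; "ENTER ZIP" is the prompt discussed in paragraph [0022].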

[0024] By accommodating variations in secure prompts for the entry 
of the same information into PIN entry device 10, the inventive method 
reduces the number of entries required in the secure prompt table stored in 
memory 28, thus reducing the amount of memory required to store the secure
prompt table. 

[0025] The description of the invention is merely exemplary in 
nature and, thus, variations that do not depart from the gist of the invention 
are intended to be within the scope of the invention. Such variations are not 
to be regarded as a departure from the spirit and scope of the invention. 